File name:

EpicSetup-1.3.29.13.exe

Full analysis: https://app.any.run/tasks/f7f02fdd-b0de-475b-984c-6db6aaeb6221
Verdict: Malicious activity
Analysis date: February 24, 2024, 16:08:01
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
MIME: application/x-dosexec
File info: PE32 executable (GUI) Intel 80386, for MS Windows
MD5:

20B4ABE9F1A234C3C5CF3E3653C73201

SHA1:

ACAD58367EF24DB763B12B6C25DDFF951DBBDE7B

SHA256:

78B6A0F85F50DA832C2553284C56C83BD847832D328A311477EBF950596A2431

SSDEEP:

24576:UxWdbqh6PI7HcPpexcuRTe1ceNWZtUVyJvRXMaffNIIW/SFvWBwVztcZrng8knyd:daECKpWIyxppfBmIOBCCZjg83PGbWZz

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Drops the executable file immediately after the start

      • EpicSetup-1.3.29.13.exe (PID: 3700)
      • EpicUpdate.exe (PID: 3656)
    • Changes the autorun value in the registry

      • EpicUpdate.exe (PID: 3656)
    • Actions looks like stealing of personal data

      • EpicUpdate.exe (PID: 2044)
      • EpicUpdate.exe (PID: 3732)
      • EpicUpdate.exe (PID: 2036)
      • EpicUpdate.exe (PID: 3656)
      • EpicCrashHandler.exe (PID: 2844)
      • EpicUpdate.exe (PID: 1876)
      • EpicUpdate.exe (PID: 2636)
      • EpicUpdate.exe (PID: 3276)
      • EpicUpdate.exe (PID: 3944)
      • EpicUpdate.exe (PID: 1040)
  • SUSPICIOUS

    • Executable content was dropped or overwritten

      • EpicSetup-1.3.29.13.exe (PID: 3700)
      • EpicUpdate.exe (PID: 3656)
    • Starts itself from another location

      • EpicUpdate.exe (PID: 3656)
      • EpicUpdate.exe (PID: 3732)
    • Creates/Modifies COM task schedule object

      • EpicUpdate.exe (PID: 2044)
      • EpicUpdate.exe (PID: 3656)
    • Application launched itself

      • EpicUpdate.exe (PID: 3732)
      • EpicUpdate.exe (PID: 3944)
    • Reads the Internet Settings

      • EpicUpdate.exe (PID: 1876)
      • EpicUpdate.exe (PID: 2036)
      • EpicUpdate.exe (PID: 3276)
    • Reads settings of System Certificates

      • EpicUpdate.exe (PID: 3276)
  • INFO

    • Checks supported languages

      • EpicSetup-1.3.29.13.exe (PID: 3700)
      • EpicUpdate.exe (PID: 3656)
      • EpicUpdate.exe (PID: 2044)
      • EpicUpdate.exe (PID: 3732)
      • EpicUpdate.exe (PID: 2036)
      • EpicCrashHandler.exe (PID: 2844)
      • EpicUpdate.exe (PID: 3944)
      • EpicUpdate.exe (PID: 1876)
      • EpicUpdate.exe (PID: 1040)
      • EpicUpdate.exe (PID: 2636)
      • EpicUpdate.exe (PID: 3276)
    • Creates files in the program directory

      • EpicUpdate.exe (PID: 3656)
    • Create files in a temporary directory

      • EpicSetup-1.3.29.13.exe (PID: 3700)
      • EpicUpdate.exe (PID: 2036)
    • Reads the computer name

      • EpicUpdate.exe (PID: 3656)
      • EpicUpdate.exe (PID: 2044)
      • EpicUpdate.exe (PID: 3732)
      • EpicUpdate.exe (PID: 3944)
      • EpicUpdate.exe (PID: 2036)
      • EpicCrashHandler.exe (PID: 2844)
      • EpicUpdate.exe (PID: 1876)
      • EpicUpdate.exe (PID: 1040)
      • EpicUpdate.exe (PID: 2636)
      • EpicUpdate.exe (PID: 3276)
    • Creates files or folders in the user directory

      • EpicUpdate.exe (PID: 3656)
    • Reads the machine GUID from the registry

      • EpicUpdate.exe (PID: 3656)
      • EpicUpdate.exe (PID: 2036)
      • EpicUpdate.exe (PID: 1040)
      • EpicUpdate.exe (PID: 3276)
    • Reads the software policy settings

      • EpicUpdate.exe (PID: 3276)
No Malware configuration.

TRiD

.exe | Win32 Executable MS Visual C++ (generic) (42.2)
.exe | Win64 Executable (generic) (37.3)
.dll | Win32 Dynamic Link Library (generic) (8.8)
.exe | Win32 Executable (generic) (6)
.exe | Generic Win/DOS Executable (2.7)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2020:10:16 17:32:36+00:00
ImageFileCharacteristics: Executable, 32-bit
PEType: PE32
LinkerVersion: 9
CodeSize: 333312
InitializedDataSize: 1490944
UninitializedDataSize: -
EntryPoint: 0x1000
OSVersion: 5
ImageVersion: -
SubsystemVersion: 5
Subsystem: Windows GUI
FileVersionNumber: 1.3.29.13
ProductVersionNumber: 1.3.29.13
FileFlagsMask: 0x003f
FileFlags: Debug, Private build
FileOS: Windows NT 32-bit
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: English (U.S.)
CharacterSet: Unicode
CompanyName: Epic Privacy Browser
FileDescription: Epic Privacy Browser Installer Setup
FileVersion: 1.3.29.13
InternalName: Epic Privacy Browser Installer Setup
LegalCopyright: Copyright 2007-2010 Google Inc.
OriginalFileName: EpicUpdateSetup.exe
ProductName: Epic Privacy Browser Installer
ProductVersion: 1.3.29.13
LanguageId: en
Debug: -
PrivateBuild: -
No data.
Total processes
47
Monitored processes
11
Malicious processes
11
Suspicious processes
0

Behavior graph

start epicsetup-1.3.29.13.exe epicupdate.exe epicupdate.exe epicupdate.exe epicupdate.exe epiccrashhandler.exe epicupdate.exe epicupdate.exe epicupdate.exe epicupdate.exe epicupdate.exe

Process information

PID
CMD
Path
Indicators
Parent process
PID: 1040
CMD: "C:\Users\admin\AppData\Local\Epic Privacy Browser\Installer\EpicUpdate.exe" /handoff "appguid={A3AA2AD6-C357-4BB3-9625-6550647D956D}&appname=Epic&needsadmin=False&lang=en" /installsource taggedmi /sessionid "{C1680A32-24D4-44A7-9CF7-2AAC10B26877}"
Path: C:\Users\admin\AppData\Local\Epic Privacy Browser\Installer\EpicUpdate.exe
Parent process: EpicUpdate.exe
User:
admin
Company:
Epic Privacy Browser
Integrity Level:
MEDIUM
Description:
Epic Privacy Browser Installer
Exit code:
0
Version:
1.3.29.13
Modules
Images
c:\users\admin\appdata\local\epic privacy browser\installer\epicupdate.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\ole32.dll
c:\windows\system32\gdi32.dll
PID: 1876
CMD: "C:\Users\admin\AppData\Local\Epic Privacy Browser\Installer\EpicUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB2ZXJzaW9uPSIxLjMuMjkuMTMiIGlzbWFjaGluZT0iMCIgc2Vzc2lvbmlkPSJ7QzE2ODBBMzItMjRENC00NEE3LTlDRjctMkFBQzEwQjI2ODc3fSIgaW5zdGFsbHNvdXJjZT0idGFnZ2VkbWkiIHRlc3Rzb3VyY2U9ImF1dG8iIHJlcXVlc3RpZD0ie0I0OTRENjU3LUE1QUMtNDZBOS1BQzk5LTY4MERCQkNENTgyRn0iPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSI2LjEiIHNwPSJTZXJ2aWNlIFBhY2sgMSIgYXJjaD0ieDg2Ii8-PGFwcCBhcHBpZD0ie0I4NTJFN0IxLTkwOEEtNDhFRi05NTc2LUNCRTIzNjU0RDkwN30iIHZlcnNpb249IiIgbmV4dHZlcnNpb249IjEuMy4yOS4xMyIgbGFuZz0iZW4iIGJyYW5kPSIiIGNsaWVudD0iIj48ZXZlbnQgZXZlbnR0eXBlPSIyIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIi8-PC9hcHA-PC9yZXF1ZXN0Pg
Path: C:\Users\admin\AppData\Local\Epic Privacy Browser\Installer\EpicUpdate.exe
Parent process: EpicUpdate.exe
User:
admin
Company:
Epic Privacy Browser
Integrity Level:
MEDIUM
Description:
Epic Privacy Browser Installer
Exit code:
0
Version:
1.3.29.13
Modules
Images
c:\users\admin\appdata\local\epic privacy browser\installer\epicupdate.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\ole32.dll
c:\windows\system32\gdi32.dll
PID: 2036
CMD: "C:\Users\admin\AppData\Local\Epic Privacy Browser\Installer\EpicUpdate.exe" /cr
Path: C:\Users\admin\AppData\Local\Epic Privacy Browser\Installer\EpicUpdate.exe
Parent process: EpicUpdate.exe
User:
admin
Company:
Epic Privacy Browser
Integrity Level:
MEDIUM
Description:
Epic Privacy Browser Installer
Exit code:
0
Version:
1.3.29.13
Modules
Images
c:\users\admin\appdata\local\epic privacy browser\installer\epicupdate.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\ole32.dll
c:\windows\system32\gdi32.dll
PID: 2044
CMD: "C:\Users\admin\AppData\Local\Epic Privacy Browser\Installer\EpicUpdate.exe" /regserver
Path: C:\Users\admin\AppData\Local\Epic Privacy Browser\Installer\EpicUpdate.exe
Parent process: EpicUpdate.exe
User:
admin
Company:
Epic Privacy Browser
Integrity Level:
MEDIUM
Description:
Epic Privacy Browser Installer
Exit code:
0
Version:
1.3.29.13
Modules
Images
c:\users\admin\appdata\local\epic privacy browser\installer\epicupdate.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\ole32.dll
c:\windows\system32\gdi32.dll
PID: 2636
CMD: "C:\Users\admin\AppData\Local\Epic Privacy Browser\Installer\EpicUpdate.exe" /uninstall
Path: C:\Users\admin\AppData\Local\Epic Privacy Browser\Installer\EpicUpdate.exe
Parent process: EpicUpdate.exe
User:
admin
Company:
Epic Privacy Browser
Integrity Level:
MEDIUM
Description:
Epic Privacy Browser Installer
Exit code:
0
Version:
1.3.29.13
Modules
Images
c:\users\admin\appdata\local\epic privacy browser\installer\epicupdate.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\ole32.dll
c:\windows\system32\gdi32.dll
PID: 2844
CMD: "C:\Users\admin\AppData\Local\Epic Privacy Browser\Installer\1.3.29.13\EpicCrashHandler.exe" /crashhandler
Path: C:\Users\admin\AppData\Local\Epic Privacy Browser\Installer\1.3.29.13\EpicCrashHandler.exe
Parent process: EpicUpdate.exe
User:
admin
Company:
Epic Privacy Browser
Integrity Level:
MEDIUM
Description:
Epic Privacy Browser Installer
Exit code:
0
Version:
1.3.29.13
Modules
Images
c:\users\admin\appdata\local\epic privacy browser\installer\1.3.29.13\epiccrashhandler.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\ole32.dll
c:\windows\system32\gdi32.dll
PID: 3276
CMD: "C:\Users\admin\AppData\Local\Epic Privacy Browser\Installer\EpicUpdate.exe" -Embedding
Path: C:\Users\admin\AppData\Local\Epic Privacy Browser\Installer\EpicUpdate.exe
Parent process: svchost.exe
User:
admin
Company:
Epic Privacy Browser
Integrity Level:
MEDIUM
Description:
Epic Privacy Browser Installer
Exit code:
0
Version:
1.3.29.13
Modules
Images
c:\users\admin\appdata\local\epic privacy browser\installer\epicupdate.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\ole32.dll
c:\windows\system32\gdi32.dll
PID: 3656
CMD: C:\Users\admin\AppData\Local\Temp\GUMF627.tmp\EpicUpdate.exe /installsource taggedmi /install "appguid={A3AA2AD6-C357-4BB3-9625-6550647D956D}&appname=Epic&needsadmin=False&lang=en"
Path: C:\Users\admin\AppData\Local\Temp\GUMF627.tmp\EpicUpdate.exe
Parent process: EpicSetup-1.3.29.13.exe
User:
admin
Company:
Epic Privacy Browser
Integrity Level:
MEDIUM
Description:
Epic Privacy Browser Installer
Exit code:
0
Version:
1.3.29.13
Modules
Images
c:\users\admin\appdata\local\temp\gumf627.tmp\epicupdate.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\ole32.dll
c:\windows\system32\gdi32.dll
PID: 3700
CMD: "C:\Users\admin\AppData\Local\Temp\EpicSetup-1.3.29.13.exe"
Path: C:\Users\admin\AppData\Local\Temp\EpicSetup-1.3.29.13.exe
Parent process: explorer.exe
User:
admin
Company:
Epic Privacy Browser
Integrity Level:
MEDIUM
Description:
Epic Privacy Browser Installer Setup
Exit code:
0
Version:
1.3.29.13
Modules
Images
c:\users\admin\appdata\local\temp\epicsetup-1.3.29.13.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
PID: 3732
CMD: "C:\Users\admin\AppData\Local\Epic Privacy Browser\Installer\EpicUpdate.exe" /c
Path: C:\Users\admin\AppData\Local\Epic Privacy Browser\Installer\EpicUpdate.exe
Parent process: EpicUpdate.exe
User:
admin
Company:
Epic Privacy Browser
Integrity Level:
MEDIUM
Description:
Epic Privacy Browser Installer
Exit code:
0
Version:
1.3.29.13
Modules
Images
c:\users\admin\appdata\local\epic privacy browser\installer\epicupdate.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\ole32.dll
c:\windows\system32\gdi32.dll
Total events
7 544
Read events
7 461
Write events
55
Delete events
28

Modification events

(PID) Process: (3656) EpicUpdate.exe
Key: HKEY_CURRENT_USER\Software\Epic Privacy Browser\Installer
Operation: delete value
Name: eulaaccepted
Value:

(PID) Process: (3656) EpicUpdate.exe
Key: HKEY_CURRENT_USER\Software\Epic Privacy Browser\Installer
Operation: write
Name: path
Value: C:\Users\admin\AppData\Local\Epic Privacy Browser\Installer\EpicUpdate.exe

(PID) Process: (3656) EpicUpdate.exe
Key: HKEY_CURRENT_USER\Software\Epic Privacy Browser\Installer\Clients\{B852E7B1-908A-48EF-9576-CBE23654D907}
Operation: write
Name: pv
Value: 1.3.29.13

(PID) Process: (3656) EpicUpdate.exe
Key: HKEY_CURRENT_USER\Software\Epic Privacy Browser\Installer\Clients\{B852E7B1-908A-48EF-9576-CBE23654D907}
Operation: write
Name: name
Value: Epic Update

(PID) Process: (3656) EpicUpdate.exe
Key: HKEY_CURRENT_USER\Software\Epic Privacy Browser\Installer\ClientState\{B852E7B1-908A-48EF-9576-CBE23654D907}
Operation: write
Name: pv
Value: 1.3.29.13

(PID) Process: (3656) EpicUpdate.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
Operation: write
Name: Epic Privacy Browser Installer
Value: "C:\Users\admin\AppData\Local\Epic Privacy Browser\Installer\EpicUpdate.exe" /c

(PID) Process: (2044) EpicUpdate.exe
Key: HKEY_CLASSES_ROOT\CLSID\{82610E6D-11CA-45A9-98B1-D03B9AEDBD13}\InprocHandler32
Operation: write
Name: ThreadingModel
Value: Both

(PID) Process: (2044) EpicUpdate.exe
Key: HKEY_CLASSES_ROOT\CLSID\{84D964EE-0441-4A42-8146-0699AE05DDC3}\InprocServer32
Operation: write
Name: ThreadingModel
Value: Both

(PID) Process: (2044) EpicUpdate.exe
Key: HKEY_CLASSES_ROOT\CLSID\{9BA04732-4369-45EF-9DA1-90561134DE6D}\InProcServer32
Operation: write
Name: ThreadingModel
Value: Both

(PID) Process: (2044) EpicUpdate.exe
Key: HKEY_CLASSES_ROOT\CLSID\{82610E6D-11CA-45A9-98B1-D03B9AEDBD13}\InprocHandler32
Operation: delete key
Name: (default)
Value:

Executable files
129
Suspicious files
0
Text files
2
Unknown types
0

Dropped files

PID
Process
Filename
Type
PID: 3700
Process: EpicSetup-1.3.29.13.exe
Filename: C:\Users\admin\AppData\Local\Temp\GUMF627.tmp\EpicUpdate.exe
Type: executable
MD5:97DC047B7ED9C22FC6CC04E015AD26F3
SHA256:B04266CA05E8125A1544E68C8852F7D44DDE9C7E4F3B08A0383C0BF4AB6CFD2D
PID: 3700
Process: EpicSetup-1.3.29.13.exe
Filename: C:\Users\admin\AppData\Local\Temp\GUMF627.tmp\goopdateres_ar.dll
Type: executable
MD5:DE553EE3DAC04B2A52E5B8317DBE3922
SHA256:65E2F79B249B2944A8F81980486574B15DEFF2DB43ED61E5CF8EDBB32959D242
PID: 3700
Process: EpicSetup-1.3.29.13.exe
Filename: C:\Users\admin\AppData\Local\Temp\GUMF627.tmp\EpicUpdateBroker.exe
Type: executable
MD5:EAC4C2C7F8972E771DCB83CF66DB8126
SHA256:E864735EE505D35181066D268E4963F51581E87058E5F9C15AE90803B2914A8C
PID: 3700
Process: EpicSetup-1.3.29.13.exe
Filename: C:\Users\admin\AppData\Local\Temp\GUMF627.tmp\EpicUpdateOnDemand.exe
Type: executable
MD5:4DB797D996FEB565BA45DC8E05216DD3
SHA256:F47C6E9740B967A27AF7CF07D9FED9A1DBE147F7376255FA9BA0653F583A6807
PID: 3700
Process: EpicSetup-1.3.29.13.exe
Filename: C:\Users\admin\AppData\Local\Temp\GUMF627.tmp\psuser.dll
Type: executable
MD5:CC36535F71124A8119F41D0B4BC2A9C3
SHA256:F21D7E7D5902A16FA79611437C5FFFD46C0A8396CF1D9A70F54DBB41427DD53E
PID: 3700
Process: EpicSetup-1.3.29.13.exe
Filename: C:\Users\admin\AppData\Local\Temp\GUMF627.tmp\goopdate.dll
Type: executable
MD5:BE1251E33E310931312839E7E92D5428
SHA256:DF801078E2512A40B32BDD801E771AD94ED9620B7BE9E8146DBFBF08E6043281
PID: 3700
Process: EpicSetup-1.3.29.13.exe
Filename: C:\Users\admin\AppData\Local\Temp\GUMF627.tmp\goopdateres_bn.dll
Type: executable
MD5:D57A370B804835A938258ED7859742BC
SHA256:AB965667AC81A9F405F9088C6A34E05C9F75FBB086DD721208983D543C48DDF9
PID: 3700
Process: EpicSetup-1.3.29.13.exe
Filename: C:\Users\admin\AppData\Local\Temp\GUMF627.tmp\goopdateres_da.dll
Type: executable
MD5:04D97FD41C84C1A976D1E53720BC2202
SHA256:025B963E649BB16927B05161AF59DBFED383ED5E6B70A9CA10A010D50760B2C4
PID: 3700
Process: EpicSetup-1.3.29.13.exe
Filename: C:\Users\admin\AppData\Local\Temp\GUMF627.tmp\goopdateres_am.dll
Type: executable
MD5:D88C63B686242CC71FFE7527E6BFC387
SHA256:1CC7BB6883BCBD0BFE08FABA1BBAE512FB5F9D8AACCE1A80EE55955760E9F0C7
PID: 3700
Process: EpicSetup-1.3.29.13.exe
Filename: C:\Users\admin\AppData\Local\Temp\GUMF627.tmp\EpicUpdateHelper.msi
Type: executable
MD5:C8F6A0A4A113C0B698A6BA6A4D82D7BC
SHA256:E908D7D23AA40F74068F97C90B9ACC1E103706425A7FFC2046FCBA5E45B1D910
HTTP(S) requests
4
TCP/UDP connections
11
DNS requests
8
Threats
0

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
1876
EpicUpdate.exe
POST
200
167.172.35.137:80
http://updates.epicbrowser.com/service/update2
unknown
xml
352 b
unknown
2036
EpicUpdate.exe
GET
404
167.172.35.137:80
http://updates.epicbrowser.com/service/check2?appid=%7BB852E7B1-908A-48EF-9576-CBE23654D907%7D&appversion=1.3.29.13&applang=&machine=0&version=0.0.0.0&osversion=6.1&servicepack=Service%20Pack%201
unknown
html
2.74 Kb
unknown
3276
EpicUpdate.exe
POST
200
167.172.35.137:80
http://updates.epicbrowser.com/service/update2?w=3:QtgmWwTY4usuuSCXfoxNzwbBTtWNCjIFu2ILl6BxBaVU7j_CRRWFKeWf6hrlg8nrXKwLySsaIu5pE8eKT4LQVzlCDFs4ThLCKXVNAQH9oSKbwiPgZ_UUPKjEslyk1AKhRaOzNUsPtWKtp6CCwnGfE9FmIYkl2r-muPrYO5YR-pM
unknown
xml
877 b
unknown
856
svchost.exe
GET
200
23.0.174.209:80
http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab?73bd62fc7224bb7f
unknown
compressed
65.2 Kb
unknown

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
4
System
192.168.100.255:137
whitelisted
4
System
192.168.100.255:138
whitelisted
1080
svchost.exe
224.0.0.252:5355
unknown
2580
svchost.exe
239.255.255.250:1900
unknown
1876
EpicUpdate.exe
167.172.35.137:80
updates.epicbrowser.com
DIGITALOCEAN-ASN
NL
unknown
2036
EpicUpdate.exe
167.172.35.137:80
updates.epicbrowser.com
DIGITALOCEAN-ASN
NL
unknown
3276
EpicUpdate.exe
167.172.35.137:80
updates.epicbrowser.com
DIGITALOCEAN-ASN
NL
unknown
3276
EpicUpdate.exe
167.172.35.137:443
updates.epicbrowser.com
DIGITALOCEAN-ASN
NL
unknown
856
svchost.exe
104.21.71.132:443
cdn.epicbrowser.com
CLOUDFLARENET
unknown
856
svchost.exe
23.0.174.209:80
ctldl.windowsupdate.com
Akamai International B.V.
CH
unknown

DNS requests

Domain
IP
Reputation
updates.epicbrowser.com
  • 167.172.35.137
whitelisted
cdn.epicbrowser.com
  • 104.21.71.132
unknown
ctldl.windowsupdate.com
  • 23.0.174.209
whitelisted

Threats

No threats detected
Process
Message
EpicUpdate.exe
LOG_SYSTEM: [EpicUpdate:goopdate]: ERROR - Cannot create ETW log writer
EpicUpdate.exe
[02/24/24 16:08:13.130][EpicUpdate:goopdate][3656:3652][OS][version: OS_WINDOWS_7][service pack: 1]
EpicUpdate.exe
[02/24/24 16:08:13.130][EpicUpdate:goopdate][3656:3652][GetNamedObjectAttributes][named_object=Global\ES-1-5-21-1302019708-1500728564-335382590-1000_Epic Privacy Browser_Installer_Report_Ids_Lock_57146B01-6A07-4b8d-A1D8-0C3AFC3B2F9B]
EpicUpdate.exe
[02/24/24 16:08:13.130][EpicUpdate:goopdate][3656:3652][DllEntry][C:\Users\admin\AppData\Local\Temp\GUMF627.tmp\EpicUpdate.exe /installsource taggedmi /install "appguid={A3AA2AD6-C357-4BB3-9625-6550647D956D}&appname=Epic&needsadmin=False&lang=en"]
EpicUpdate.exe
[02/24/24 16:08:13.130][EpicUpdate:goopdate][3656:3652][Goopdate::Goopdate]
EpicUpdate.exe
[02/24/24 16:08:13.130][EpicUpdate:goopdate][3656:3652][Crash::InstallCrashHandler][is_machine 0]
EpicUpdate.exe
[02/24/24 16:08:13.146][EpicUpdate:goopdate][3656:3652][ExtraArgsParser::Parse][token=lang=en]
EpicUpdate.exe
[02/24/24 16:08:13.146][EpicUpdate:goopdate][3656:3652][running from official dir][0]
EpicUpdate.exe
[02/24/24 16:08:13.146][EpicUpdate:goopdate][3656:3652][is machine: 0]
EpicUpdate.exe
[02/24/24 16:08:13.146][EpicUpdate:goopdate][3656:3652][Current dir][C:\Users\admin\AppData\Local\Temp\GUMF627.tmp]